Univention Bugzilla – Full Text Bug Listing |
Summary: | User is rejected if the username is too long | ||
---|---|---|---|
Product: | UCS | Reporter: | Andre Fenske <fenske> |
Component: | AD Connector | Assignee: | Samba maintainers <samba-maintainers> |
Status: | RESOLVED WONTFIX | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, requate, scheinig |
Version: | UCS 4.1 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=34973 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 2: Improvement: Would be a product improvement |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.034 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2018111921000327 | Bug group (optional): | |
Max CVSS v3 score: |
Description
Andre Fenske
2009-03-17 10:36:19 CET
This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value. It still fails with a newer UCS version and with Windows 2008 R2: ----------------------------------------------------------------------------- 18.02.2016 20:59:29,320 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=rrrrrrrrrrrrrrrrrrrrrrrrrrrr,cn=users,DC=ad17,DC=local 18.02.2016 20:59:29,336 LDAP (WARNING): sync failed, saved as rejected 18.02.2016 20:59:29,351 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2341, in sync_from_ucs self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) #FIXME encoding File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 202, in add_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) OTHER: {'info': '00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0\n', 'desc': 'Other (e.g., implementation specific) error'} ----------------------------------------------------------------------------- It is a limitation in AD. So, the only thing we can do is to limit the username length or to show a warning or to adjust the documentation. Happened Again in a customer environment, caused by the automatically added user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682 19.11.2018 09:30:47,836 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=importhttpapi-ucs-bac-01,cn=users,DC=scheinig,DC=lan 19.11.2018 09:30:47,842 LDAP (WARNING): sync failed, saved as rejected 19.11.2018 09:30:47,842 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 782, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'))) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2447, in sync_from_ucs self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) # FIXME encoding File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 210, in add_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) OTHER: {'info': '00000523: SysErr: DSID-031A1291, problem 22 (Invalid argument), data 0\n', 'desc': 'Other (e.g., implementation specific) error'} (In reply to Christina Scheinig from comment #4) > Happened Again in a customer environment, caused by the automatically added > user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682 I think we can't change AD here. If the username creation is a problem, please file a bug against the part which creates the username. As a workaround the username can be blacklisted. (In reply to Stefan Gohmann from comment #5) > (In reply to Christina Scheinig from comment #4) > > Happened Again in a customer environment, caused by the automatically added > > user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682 > > I think we can't change AD here. If the username creation is a problem, > please file a bug against the part which creates the username. > > As a workaround the username can be blacklisted. We found the problem. In this special case, the migration of the object from users/user to users/ldap was not successful, and the automatic blacklisting did not take place. |